5 reasons not to worry too much about cyber crime in Australia

Tuesday 26 Jun 2018 01 am

Cyber crime in Australia is something small businesses aren’t overly concerned by. And running a business, we can understand that. Juggling overheads and making sure clients get the best service are kind of critical to keeping the lights on. Anyway, there are plenty of reasons not to worry too much about what lurks out in the wild, wild web… or is there?

1. Rated the 5th biggest risk to their business by SMEs

Controlling expenses, chasing payments, competitors… in a 2017 report conducted by the NSW Government, cyber crime came in only 5th in terms of the biggest risk to a small business.

Not quite the podium finish you’d expect for all the news and attention it gets.

ON THE FLIP SIDE: Reality is starting to show a different picture. In 2017, a Norton survey showed almost 25% of businesses reported a cyber attack, up from 19% the previous year. Sure, 1-in-4 means you’re still odds on to dodge the “cybercrime bullet” for now, but the risk of your business being targeted is rising.

2. A third of all attacks throughout 2018 are projected to use fileless attacks

Two things might have popped up in your mind when reading the subheading above:

Only a third? That’s a pretty low figure

I have no idea what “fileless attacks” are - what have they got to do with me?

THERE IS NO FLIP SIDE: This is out and out a dangerous trend. But let’s start with Point 2.

Fileless attacks attempt to breach systems without the traditional approach of relying on a user to open or run an infected file. That’s what traditional antivirus and security apps are designed to look for.

Simply visiting a website is enough to trigger a fileless attack on your PC or device and give a criminal access to your systems or networks, all without you knowing it.

On Point 1… in 2016, only 20% of cyber attacks used fileless techniques. That’s a 13% increase and climbing.

3. Total cost of a successful cyber attack is $301 per employee

Nobody wants to fork out hundreds of dollars for no reason, you least of all.

But if $300 or so per employee is the impact of a cyber attack, it’s not going to make or break your business, is it?

And of that, it seems the biggest negatives come from downtime (39%), inconvenience (27%) and having to spend your cash to fix things up (25%).

ON THE FLIP SIDE: That might be well and good, but it may not tell the whole story. Last year, 6 million Aussies fell prey to cybercrime, coming at a cost of $2.3 billion. Your business may escape relatively unscathed… or it might pay a heavy price.

Plus, with mandatory breach notification laws now in force, there may be impacts beyond financial, such as reputational harm or additional administration in dealing with the cyber attack.

4. It won’t happen to me

On face value, the risk doesn’t seem excessive. In the 2017 “Cyber Scare” report, less than 30% of small to medium-sized businesses reporting having been hit by a cyber crime event.

It’s a much lower rate than larger businesses report, which makes sense, as big business tends to be a juicier target for cyber criminals.

ON THE FLIP SIDE: The 30% figure isn’t one we can just accept. A Symantec survey (reported in the same Cyber Scare report) advised a figure closer to 60% for small businesses and cyber attacks. The stark difference in numbers might be put down to one big factor: how would you know you’ve been the victim of a cyber attack (and report on it as a result)? Data theft or cryptomining malware are two examples of attack that often don’t show any obvious trace.

5. I’m not the only one unprepared

This is true, with Allianz reporting more than half of small businesses (56%, to be precise) in Australia aren’t prepared for cyber attacks.

And there’s a reason for this. Many SME owners are confident their business would handle a security breach, even though 60% responded in a survey they don’t have the resources and expertise.

ON THE FLIP SIDE: With cybersecurity spending expected to reach $96 billion in 2018, businesses worldwide know that cyber attacks are not something to leave yourself vulnerable, regardless of how confident you may be of “bouncing back” from a systems breach or data theft.

* * *

Tongue-in-cheek commentary aside, if you’re running a business today and are online in any form, you need to be aware of the risks and impacts of cyber attacks on your business.

If you’d like a free, no-strings-attached chat on how you can shore up your digital walls, get in touch - we’d be happy to help.